Secure JPEG2000 (JPSEC) Images

JPEG2000 Is an image compression scheme based on the discrete wavelet transform (DWT) and embedded block coding with optimal truncation (EBCOT) scalable coding. Security in JPEG2000 is addressed in the JPSEC standard. Since JPSEC is designed to work within the JPEG2000 codestream framework, it offers a number of opportunities to both avoid some of the standard restrictions of image security and to use the security to our advantages.

The JPEG2000 encoder produces a codestream which is able to be transcoded in the compressed domain. This transcoding can be done with simple parsing of the codestream. JPSEC extends this further by allowing transcoding of a protected compressed image without the need to either decrypt the image or to decode it. This is possible because a number of the properties of JPSEC.

First, JPSEC allows multiple message authentication codes, and allows them to be associated with different portions of the data. For example, assume that there are two tiles, three DWT layers and three quality layers. It is possible to have 18 MACs, one for each tile-layer-quality combination. This would allow the end user to authenticate a codestream which contained, for example, only the first two quality layers, or just one of the tiles.

JPSEC also defines zones of interest (ZOI). These ZOI can be created by a particular scalable component of interest. For example, if an image source wanted to create an image which would be resolution scalable, it could create a separate ZOI for each of the resolution layers. Each of these zones could then be encrypted independently and authenticated independently. Any intermediate node could then drop any number of the layers, while allowing the scaled bitstream to still be decodable and decryptable at the receiver.

Finally, the main security marker (SEC) contains information about all of these components, including where each ZOI is located within the codestream. This allows any intermediary node to read the SEC and quickly remove a subset of the codestream. This codestream can then be decrypted and decoded at the receiving node. More importantly, the intermediate node does not have access to the encrypted data, but only to the data headers.

Though this is presented above in terms of transcoding an image, the same properties can also be used for access control of an image. For instance, a content provider can freely distribute an encrypted image using the same ZOI format as described above with the exception that the lowest resolution layer is left uncoded. Users can obtain a copy of this image, but without the key, can only view the thumbnail like low resolution image. To view the higher resolution content, a user must obtain the key from the provider. The major advantage to this is that the content provider only needs to create and encode the image once, and the user only had to download the image once.